iTunes backup help...
#1
Greetings,

I hope all is well with you.  I was wondering if you could help me with figuring out my iTunes backup.  it has been a week since I decided to backup and restore my iPhone (school work, Childs memories  since birth). 

here's what happened. 
my phone has been giving me issues due to no space even though I deleted a few gigs to combat that problem.  apple forums stated that I had to backup and restore in order to fix the error.  

when it was time to use the backup it asked for a password that I could not remember.  

I know nothing about this field and I am a couple weeks from graduation but my work is in my phone...

for the last 6 days, I researched and basically was able to get the hash.   

Apple told me there is rules to make the pw but my friend showed me it could even be 1 character.   

I know it is going to be hard especially since this is not my field but I am extremely desperate and running out of time.  
can you please help me?  thank you regardless of your decision. 

here is the graphics information Intel Iris Plus Graphics 650 1536 MB.
Reply
#2
7 days now*.

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*4c539b8a37be9c670d35ef7c7fca8861...fda5a6
Time.Started.....: Sun Apr 28 17:48:43 2019 (8 mins, 4 secs)
Time.Estimated...: Sun Apr 28 17:56:47 2019 (0 secs)
Guess.Mask.......: ?1 [1]
Guess.Charset....: -1 a, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#2.....: 0 H/s (2.06ms) @ Accel:2 Loops:62 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 1/1 (100.00%)
Reply
#3
best advice is to remember as much as possible from the password that was (probably) used and build some small (or up to medium) sized dictionary which follows those policies/patterns.

Of course it's not easy to crack those hashes, because they are of course very hard/slow ones (among the hardest hash algorithms that hashcat supports).

The best strategy therefore is to come up with a good plan on what you think the password could be (how long, is it using some entire words that can be found in dictionaries, does it use special characters or numbers at the end etc).

hashcat can help a lot but of course you also need to instruct hashcat to test the correct password candidate(s) that hopefully will give you back your password (and data).
Reply
#4
(04-30-2019, 10:40 AM)philsmd Wrote: best advice is to remember as much as possible from the password that was (probably) used and build some small (or up to medium) sized dictionary which follows those policies/patterns.

Of course it's not easy to crack those hashes, because they are of course very hard/slow ones (among the hardest hash algorithms that hashcat supports).

The best strategy therefore is to come up with a good plan on what you think the password could be (how long, is it using some entire words that can be found in dictionaries, does it use special characters or numbers at the end etc).

hashcat can help a lot but of course you also need to instruct hashcat to test the correct password candidate(s) that hopefully will give you back your password (and data).


Thank you for responding Philsmd,  I have a list of possible passwords.  I tried to get ccup on my MacBook but I have been unsuccessful.   Manifest I am still trying to learn.  

is there a formula you can provide me with to use with the list to create more passwords?  I have a feeling I might have 

in addition to this is there a program that I can use to speed up my laptop?
Reply
#5
Update.

with a help of a friend we decided to try to reduce the amount of possible pws.
For some reason after guess.queue 2, hash cat stopped running. I tried it again and the same thing happened.....
again I am extremely new to this field and I am running out of time.

[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => s

Session..........: hashcat
Status...........: Running
Hash.Type........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*4c539b8a37be9c670d35ef7c7fca8861...fda5a6
Time.Started.....: Tue Apr 30 02:30:46 2019 (7 secs)
Time.Estimated...: Tue Apr 30 02:30:53 2019 (0 secs)
Guess.Mask.......: ?1 [1]
Guess.Charset....: -1 ?l?u?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/17 (5.88%)
Speed.Dev.#2.....: 0 H/s (2.36ms) @ Accel:2 Loops:62 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/62 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/1 (0.00%)
Candidates.#2....: s -> s

[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => b

Next dictionary / mask in queue selected. Bypassing current one.

Session..........: hashcat
Status...........: Bypass
Hash.Type........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*4c539b8a37be9c670d35ef7c7fca8861...fda5a6
Time.Started.....: Tue Apr 30 02:30:46 2019 (10 secs)
Time.Estimated...: Tue Apr 30 02:30:56 2019 (0 secs)
Guess.Mask.......: ?1 [1]
Guess.Charset....: -1 ?l?u?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/17 (5.88%)
Speed.Dev.#2.....: 0 H/s (2.35ms) @ Accel:2 Loops:62 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/62 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/1 (0.00%)
Candidates.#2....: s -> s

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => b

Next dictionary / mask in queue selected. Bypassing current one.

Session..........: hashcat
Status...........: Bypass
Hash.Type........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*4c539b8a37be9c670d35ef7c7fca8861...fda5a6
Time.Started.....: Tue Apr 30 02:30:57 2019 (2 secs)
Time.Estimated...: Tue Apr 30 02:30:59 2019 (0 secs)
Guess.Mask.......: ?1?1 [2]
Guess.Charset....: -1 ?l?u?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 2/17 (11.76%)
Speed.Dev.#2.....: 0 H/s (2.44ms) @ Accel:2 Loops:62 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/3844 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/62 (0.00%)
Candidates.#2....: sa -> sQ

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => Abort trap: 6
Exits-MacBook-Pro:hashcat exittainment$
Reply
#6
I think brute-force is a very bad strategy here.

I would stick with dictionary attacks (-a 0) and only if you are sure about a very specific pattern or did already try all possibilities (likely passwords) and want to manipulate them a little bit, you could use a small set of rules (https://hashcat.net/wiki/doku.php?id=rule_based_attack) together with the -a 0 dictionary attack.

btw: cracking with a notebook is also amongs the worst things you could do here, not only because you could damage your notebook, but also because the performance will be bad because of throttling and temperature issues.
Reply
#7
(04-30-2019, 07:05 PM)philsmd Wrote: btw: cracking with a notebook is also amongs the worst things you could do here, not only because you could damage your notebook, but also because the performance will be bad because of throttling and temperature issues.

I would take phils advice. Unless you have some idea of ANY characters within the password or length, you're fighting an endless battle with such a slow hash. I'm not saying not to try but anything above 3-4 characters on that macbook will probably take years.

Heres with a GTX 1070 for 5 character password with all cases(using the example hash):

Session..........: hashcat
Status...........: Running
Hash.Type........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*8b715f516ff8e64442c478c2d9abb046...052063
Time.Started.....: Tue Apr 30 16:52:48 2019 (4 secs)
Time.Estimated...: Mon Sep 13 12:20:09 2021 (2 years, 136 days)
Guess.Mask.......: ?a?a?a?a?a [5]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:      103 H/s (4.49ms) @ Accel:2 Loops:250 Thr:640 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/7737809375 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/81450625 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:224750-225000
Candidates.#1....: sarie -> s1sha
Hardware.Mon.#1..: Temp: 31c Fan: 25% Util: 97% Core:1999MHz Mem:3802MHz Bus:16
Reply
#8
(04-30-2019, 07:05 PM)philsmd Wrote: I think brute-force is a very bad strategy here.

I would stick with dictionary attacks (-a 0) and only if you are sure about a very specific pattern or did already try all possibilities (likely passwords) and want to manipulate them a little bit, you could use a small set of rules (https://hashcat.net/wiki/doku.php?id=rule_based_attack) together with the -a 0 dictionary attack.

btw: cracking with a notebook is also amongs the worst things you could do here, not only because you could damage your notebook, but also because the performance will be bad because of throttling and temperature issues.



Thank you for your advice Philsmd.  I pretty much used my phone as a laptop to complete school work until I was recently gifted a laptop.  I never imagined that that gift would be the cause of me not graduating this semester to say the least.  I guess I have no choice but to stop using my laptop trying to crack my password.  Last thing I want to do is damage the laptop that has the data....

Thank you
Reply
#9
(05-01-2019, 12:55 AM)slyexe Wrote:
(04-30-2019, 07:05 PM)philsmd Wrote: btw: cracking with a notebook is also amongs the worst things you could do here, not only because you could damage your notebook, but also because the performance will be bad because of throttling and temperature issues.

I would take phils advice. Unless you have some idea of ANY characters within the password or length, you're fighting an endless battle with such a slow hash. I'm not saying not to try but anything above 3-4 characters on that macbook will probably take years.

Heres with a GTX 1070 for 5 character password with all cases(using the example hash):

Session..........: hashcat
Status...........: Running
Hash.Type........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*8b715f516ff8e64442c478c2d9abb046...052063
Time.Started.....: Tue Apr 30 16:52:48 2019 (4 secs)
Time.Estimated...: Mon Sep 13 12:20:09 2021 (2 years, 136 days)
Guess.Mask.......: ?a?a?a?a?a [5]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:      103 H/s (4.49ms) @ Accel:2 Loops:250 Thr:640 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/7737809375 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/81450625 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:224750-225000
Candidates.#1....: sarie -> s1sha
Hardware.Mon.#1..: Temp: 31c Fan: 25% Util: 97% Core:1999MHz Mem:3802MHz Bus:16

Wow.....  thank you for providing me with that sample.  Imagine it would have cracked it in one shot.
 Dictionary attacks seems like my only choice.  I wrote down a lot of possibilities but like what you and Philsmd said this MacBook is not qualified for this task....  I just want my work back and my Childs memory.
Reply
#10
Update....

Last week of the semester and I am still unsuccessful at getting my password.... I must admit since I had a lot of work to make up therefore I could not spend as much time probably needed to recover my password. One person responded to help me then stopped responding so I guess that was that... anything else I could try would be greatly appreciated.

Thanks to all that responded......
Reply